Permalink
Browse files

closes #6024

  • Loading branch information...
barisusakli committed Oct 31, 2017
1 parent 5b2a674 commit 18f4f27fe0757ca11e4d54ab8ed38dc02ab3dbbb
Showing with 26 additions and 5 deletions.
  1. +1 −1 public/language/en-GB/error.json
  2. +9 −1 src/user/picture.js
  3. +15 −2 test/uploads.js
  4. +1 −1 test/user.js
@@ -79,7 +79,6 @@
"content-too-long": "Please enter a shorter post. Posts can't be longer than %1 character(s).",
"title-too-short": "Please enter a longer title. Titles should contain at least %1 character(s).",
"title-too-long": "Please enter a shorter title. Titles can't be longer than %1 character(s).",
"invalid-title": "Invalid title!",
"category-not-selected": "Category not selected.",
"too-many-posts": "You can only post once every %1 second(s) - please wait before posting again",
"too-many-posts-newbie": "As a new user, you can only post once every %1 second(s) until you have earned %2 reputation - please wait before posting again",
@@ -99,6 +98,7 @@
"cant-remove-last-admin": "You are the only administrator. Add another user as an administrator before removing yourself as admin",
"cant-delete-admin": "Remove administrator privileges from this account before attempting to delete it.",
"invalid-image": "Invalid image",
"invalid-image-type": "Invalid image type. Allowed types are: %1",
"invalid-image-extension": "Invalid image extension",
"invalid-file-type": "Invalid file type. Allowed types are: %1",
@@ -88,7 +88,12 @@ module.exports = function (User) {
function (path, next) {
picture.path = path;
var extension = data.file ? file.typeToExtension(data.file.type) : image.extensionFromBase64(data.imageData);
var type = data.file ? data.file.type : image.mimeFromBase64(data.imageData);
if (!type || !type.match(/^image./)) {
return next(new Error('[[error:invalid-image]]'));
}
var extension = file.typeToExtension(type);
var filename = generateProfileImageFilename(data.uid, 'profilecover', extension);
uploadProfileOrCover(filename, picture, next);
},
@@ -127,6 +132,9 @@ module.exports = function (User) {
}
var type = data.file ? data.file.type : image.mimeFromBase64(data.imageData);
if (!type || !type.match(/^image./)) {
return callback(new Error('[[error:invalid-image]]'));
}
var extension = file.typeToExtension(type);
if (!extension) {
return callback(new Error('[[error:invalid-image-extension]]'));
@@ -13,9 +13,9 @@ var user = require('../src/user');
var groups = require('../src/groups');
var privileges = require('../src/privileges');
var meta = require('../src/meta');
var socketUser = require('../src/socket.io/user');
var helpers = require('./helpers');
describe('Upload Controllers', function () {
var tid;
var cid;
@@ -157,8 +157,21 @@ describe('Upload Controllers', function () {
done();
});
});
});
it('should not allow non image uploads', function (done) {
socketUser.updateCover({ uid: 1 }, { uid: 1, imageData: 'data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+' }, function (err) {
assert.equal(err.message, '[[error:invalid-image]]');
done();
});
});
it('should not allow non image uploads', function (done) {
socketUser.uploadCroppedPicture({ uid: 1 }, { uid: 1, imageData: 'data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+' }, function (err) {
assert.equal(err.message, '[[error:invalid-image]]');
done();
});
});
});
describe('admin uploads', function () {
var jar;
@@ -763,7 +763,7 @@ describe('User', function () {
name: 'test',
};
User.uploadPicture(uid, picture, function (err) {
assert.equal(err.message, '[[error:invalid-image-extension]]');
assert.equal(err.message, '[[error:invalid-image]]');
done();
});
});

0 comments on commit 18f4f27

Please sign in to comment.